LAN & OPT1 share a Chromecast?
-
Is there a way to set up my LAN port and OPT1 (renamed to Guest WiFi)port to be on the same subnet (IP range 192.168.1.1-255), but to keep devices on OPT1 from talking to anything but a single device on LAN while still getting internet access?
Configuration:
em0=WAN, em1=LAN, em2=GuestWiFiLAN contains all my personal network equipment (AP, printer, MOCA bridge, computers, etc)
OPT1 is going to be for guest WiFi, so they shouldn't have access to my file servers, etc but I would like them to be able to push stuff to my Chromecast is that possible?I tried giving the OPT1 interface an IP address of 192.168.1.7 and handing out DHCP to 192.168.1.200-210 however, devices had no internet access and couldn't ping the Chromecast with the following rules on GuestWiFI:
LAN rules:
-
LAN and OPT1 can't be on the same subnet. If LAN is 192.168.1.0/24, make OPT1 something like 192.168.2.0/24 with DHCP range 192.168.2.200-210. Then your rules should work.
-
Like Kom said give your guestwifi its own dhcp server and then make a rule something like this to block all access to your lan:
BLOCK IPv4 * GUESTWIFI net * LAN net * * none
Be sure to give your chromecast a static IP if you have not already.
-
Well, I seem to have it working. I'll have to get a sanity check on my firewall rules for all my networks later this week. Since the two auxiliary APs get turned off when not in use they aren't exactly a security risk all the time.